I've been exploring adding the ability to encrypt / decrypt the SQLite
database file in ooSQLite. Unfortunately I didn't at first consider the
U.S. restrictions on exporting encryption related software. The encryption
software itself is from the Botan library, details on Botan are at:
http://botan.randombit.net/
If you follow the User list you are already aware of this. Rick has
already done some initial research.
This e-mail is to document why I believe all we need to do is:
* Send an email to [email protected] with our SourceForge URL.
* Update our SourceForge settings to declare the project to be freely
redistributable to all.
The above comes from: http://opensource.org/node/505 at the open source
initiative. A link Rick found.
An e-mail Rick sent to the Botan devel list got this response from Jack
Lloyd, the originator of the Botan library:
http://lists.randombit.net/pipermail/botan-devel/2012-October/001684.html
in the post he essentially says all he had to is send the e-mail I noted
above. The post also has a link to the U.S.Bureau of Industry and Security
which documents the requirements.
>From that site, we see that:
This web page is designed to help exporters of products designed to use
encryption determine whether they have obligations under the EAR. It is
also intended to provide specific guidance to those exporters with
obligations under the EAR as to how to comply the EAR prior to export of
those items.
1. Is my item classified under Category 5, Part 2, of the
EAR?<http://www.bis.doc.gov/encryption/question1.htm>
2. May I self-classify my encryption item and export it *WITHOUT* encryption
registration? <http://www.bis.doc.gov/encryption/question2.htm>
Number 1 above leads to this flowchart:
http://www.bis.doc.gov/encryption/flowchart1.pdf
which clearly shows that the answer to .1 is yes, for adding the support
I'm investigating to ooSQLite.
Number 2 above leads to this flowchart:
http://www.bis.doc.gov/encryption/decision_tree.pdf
Which shows the answer to 2. is yes. This clarifying statement from the
BIS website:
- Certain products that require only a notification before export:
- “Publicly available” encryption software and source code under license
exception TSU (740.13);
is found on this page:
http://www.bis.doc.gov/encryption/question2.htm
TSU (740.13) (e) on the website:
*License Exception:** TSU -- §§740.13(e)*
*Type of Products:* Encryption source code that would be considered
"publicly available" (e.g. "open source") and corresponding object code
*Class of End-Users:* All
*Country Scope: (1)<http://www.bis.doc.gov/encryption/lechart1_sec508.htm#1>
* Global, may not knowingly export to Country Group
E:1*(2)<http://www.bis.doc.gov/encryption/lechart1_sec508.htm#2>
* ("T-7")
*Reporting Requirements:* No
*Restrictions:* Notification or copy by time of export
is on this page:
http://www.bis.doc.gov/encryption/lechart1_sec508.htm
So, it seems to me that the BIS website clearly supports that what we would
need to do is as I listed above, i.e.:
* Send an email to [email protected] with our SourceForge URL.
* Update our SourceForge settings to declare the project to be freely
redistributable to all.
The post at the open source initiative listed above also suggests CC'ing
the e-mail to [email protected] to the open source initiative and they will
keep a copy showing we compiled with the regulations.
So, I propose I go ahead and do this so that I can continue with the
ooSQLite extension I'm considering. This also sets things up so that we
could add an ooRexx extension giving access to the general purpose
encryption library that Botan supplies.
Any objections? Any other comments?
--
Mark Miesfeld
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
